As smart mobile devices become widely used, more and more services that were originally processed in a PC environment, such as financial transfers and enterprise Office Automation (OA) services, can be processed on a smart mobile device. In processing these services, a user is generally required to enter particular information (such as a bank account password, an enterprise account password or a credit card number) on the mobile device, to authenticate the user's identity or confirm transaction security. However, because the operating system of the mobile device is designed around openness and practicability, security is not sufficiently considered; hence, the particular information entered by the user on the smart device may be stolen by a criminal, which results in information leakage and a huge potential security hazard.
To solve this security problem of the mobile device, a conventional solution is to customize a virtual keyboard; that is, within an application, particular information is entered through a custom virtual keyboard rather than through the keyboard provided by the operating system of the mobile device. Reference may be made to FIG. 1, where FIG. 1A shows a structure of a customized virtual keyboard, and FIG. 1B shows a process flow of entering particular information by using the customized virtual keyboard. A particular information entering application 1100 requests a user to enter particular information. A particular information entering region 1110 receives the particular information, such as sensitive particular information, entered by the user. A customized virtual keyboard 1120 takes the place of the system default keyboard and provides secure entry. When the particular information entering region 1110 becomes the input focus, the built-in virtual keyboard 1120 is activated by the particular information entering application 1100 (as shown by label 1 in FIG. 1B); the system default keyboard is shielded by the built-in virtual keyboard 1120 (as shown by label 1.1 in FIG. 1B), and the customized virtual keyboard is displayed; the particular information entered by the user is then received by the virtual keyboard (as shown by label 1.2 in FIG. 1B); the particular information entered by the user is encrypted by the virtual keyboard 1120 by using a built-in key (as shown by labels 1.3 and 1.3.1 in FIG. 1B), and a ciphertext is returned to the particular information entering application 1100; after receiving the encrypted particular information, the particular information entering application 1100 submits the encrypted particular information to a background service (as shown by label 2 in FIG. 1B) to perform an authentication (as shown by label 2.1 in FIG. 1B); and then an authentication result is returned by the background service.
When the user enters the particular information, the keyboard built into the operating system is shielded by the application and the information is entered through the custom virtual keyboard, which prevents the particular information from being stolen by malicious software to some extent. However, the customized virtual keyboard still runs in the environment of the operating system of the mobile device, and that running environment is still a non-secure execution environment; although the system keyboard is shielded, the touch information generated when entering the particular information through the virtual keyboard and the content displayed on the screen may be intercepted by the malicious software, which can then obtain the particular information entered by the user.
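The following Python model is an added illustration, not code from the original document. It walks through the FIG. 1B flow and shows why encrypting inside the keyboard does not protect touch data that already exists in the operating system. The key value, the fixed PIN-pad layout, the touch coordinates, the symmetric key shared with the background service and the stand-in cipher are all assumptions made for the demonstration.

```python
import hashlib, hmac, os

BUILT_IN_KEY = b"constructed-demo-key"  # assumption: key shared by keyboard and backend
LAYOUT = ["123", "456", "789", " 0 "]   # assumption: fixed PIN pad, 100x100 px per key

def key_at(x, y):
    """Map a touch coordinate to the key drawn at that position."""
    return LAYOUT[y // 100][x // 100]

def _xor_stream(key, nonce, data):
    # Stand-in cipher (SHA-256 in counter mode) so the demo needs no third-party library.
    stream = b"".join(hashlib.sha256(key + nonce + bytes([i])).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt(key, plaintext):
    nonce = os.urandom(16)
    return nonce + _xor_stream(key, nonce, plaintext)

def decrypt(key, blob):
    return _xor_stream(key, blob[:16], blob[16:])

class VirtualKeyboard:
    """Labels 1.2 to 1.3.1: receive the touches, then encrypt with the built-in key."""
    def __init__(self, os_touch_log):
        self.os_touch_log = os_touch_log  # models the OS input path shared with other software
        self.entered = []

    def touch(self, x, y):
        self.os_touch_log.append((x, y))  # the event exists in the OS before any encryption
        self.entered.append(key_at(x, y))

    def submit(self):
        return encrypt(BUILT_IN_KEY, "".join(self.entered).encode())

def backend_authenticate(blob, expected):
    """Labels 2 and 2.1: the background service decrypts and checks the value."""
    return hmac.compare_digest(decrypt(BUILT_IN_KEY, blob), expected.encode())

def run_demo():
    os_touch_log = []
    keyboard = VirtualKeyboard(os_touch_log)
    for x, y in [(50, 50), (150, 150), (250, 250), (150, 350)]:  # constructed touches
        keyboard.touch(x, y)
    blob = keyboard.submit()
    authenticated = backend_authenticate(blob, "1590")
    # Anything able to read the touch log and the layout recovers the entry unencrypted.
    observed = "".join(key_at(x, y) for x, y in os_touch_log)
    return authenticated, blob, observed

if __name__ == "__main__":
    print(run_demo())
```

The ciphertext handed to the application and the background service is opaque, yet the value reconstructed from the touch log matches the entry exactly, because the encryption boundary sits after the point where the non-secure environment has already seen the input.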